Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer device implemented method for securing a data segment, the method comprises: encrypting the data segment utilizing an encryption key to produce an encrypted data segment; performing a deterministic function on the encrypted data segment to produce a transformed representation of the encrypted data segment; masking the encryption key utilizing the transformed representation of the encrypted data segment to produce a masked key; partitioning the masked key into a plurality of masked key partitions; partitioning the encrypted data segment into a plurality of encrypted data segment partitions; combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions; and for a combined partition of the plurality of combined partitions, encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices.
2. The computer device implemented method of claim 1 further comprises: determining a partitioning scheme based on a desired level of security; partitioning the masked key in accordance with the partitioning scheme; and partitioning the encrypted data segment in accordance with the partitioning scheme.
3. The computer device implemented method of claim 1, wherein the combining the plurality of masked key partitions with the plurality of encrypted data segment partitions comprises: establishing a pseudo random combining process; and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions in accordance with the pseudo random combining process.
4. The computer device implemented method of claim 1, wherein the combining the plurality of masked key partitions with the plurality of encrypted data segment partitions further comprises: combining the plurality of masked key partitions with the plurality of encrypted data segment partitions in accordance with an interleaving process.
5. The computer device implemented method of claim 1, wherein the encoding the combined partition further comprises: encrypting the combined partition utilizing a second encryption key to produce an encrypted combined partition; performing a deterministic function on the encrypted combined partition to produce a transformed representation of the encrypted combined partition; masking the second encryption key utilizing the transformed representation of the encrypted combined partition to produce a second masked key; appending the second masked key to the encrypted combined partition to produce a further combined partition; and encoding the further combined partition using the dispersed storage error coding function to produce the set of encoded data slices.
6. The computer device implemented method of claim 1 further comprises: outputting the set of encoded data slices for storage in a dispersed storage unit of a dispersed storage network.
7. The computer device implemented method of claim 1 further comprises: outputting the set of encoded data slices for storage in a set of dispersed storage (DS) units of a dispersed storage network, wherein a first DS unit of the set of DS units stores a first encoded data slice of the set of encoded data slices.
8. The computer device implemented method of claim 1 further comprises: encoding remaining combined partitions of the plurality of combined partitions using the dispersed storage error coding function to produce sets of encoded data slices and wherein the set of encoded data slices and the sets of encoded data slices produces a plurality of sets of encoded data slices.
9. The computer device implemented method of claim 8 further comprises: outputting the plurality of sets of encoded data slices for storage in a plurality of dispersed storage (DS) units of a dispersed storage network, wherein a first DS unit of the plurality of DS units stores a first set of the plurality of sets of encoded data slices.
10. The computer device implemented method of claim 8 further comprises: outputting the plurality of sets of encoded data slices for storage in a plurality of dispersed storage (DS) units of a dispersed storage network, wherein a first DS unit of the plurality of DS units stores a first encoded data slice of at least some of the plurality of sets of encoded data slices.
11. The computer device implemented method of claim 8 further comprises: outputting the plurality of sets of encoded data slices for storage in a plurality of sets of dispersed storage (DS) units of a dispersed storage network, wherein a first set of DS unit of the plurality of sets of DS units stores a first set of the plurality of sets of encoded data slices.
12. A dispersed storage (DS) module comprises: a first module, when operable within a computing device, causes the computing device to: encrypt a data segment utilizing an encryption key to produce an encrypted data segment; perform a deterministic function on the encrypted data segment to produce a transformed representation of the encrypted data segment; and mask the encryption key utilizing the transformed representation of the encrypted data segment to produce a masked key; a second module, when operable within the computing device, causes the computing device to: partition the masked key into a plurality masked key partitions; and partition the encrypted data segment into a plurality of encrypted data segment partitions; a third module, when operable within the computing device, causes the computing device to: combine the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions; and a fourth module, when operable within the computing device, causes the computing device to: for a combined partition of the plurality of combined partitions, encode the combined partition using a dispersed storage error coding function to produce a set of encoded data slices.
13. The DS module of claim 12, wherein the second module is further operable to: determine a partitioning scheme based on a desired level of security; partition the masked key in accordance with the partitioning scheme; and partition the encrypted data segment in accordance with the partitioning scheme.
14. The DS module of claim 12, wherein the third module is operable to combine the plurality of masked key partitions with the plurality of encrypted data segment partitions by: establishing a pseudo random combining process; and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions in accordance with the pseudo random combining process.
15. The DS module of claim 12, wherein the third module is further operable to combine the plurality of masked key partitions with the plurality of encrypted data segment partitions by: combining the plurality of masked key partitions with the plurality of encrypted data segment partitions in accordance with an interleaving process.
16. The DS module of claim 12, wherein the fourth module is further operable to encode the combined partition by: encrypting the combined partition utilizing a second encryption key to produce an encrypted combined partition; performing a deterministic function on the encrypted combined partition to produce a transformed representation of the encrypted combined partition; masking the second encryption key utilizing the transformed representation of the encrypted combined partition to produce a second masked key; appending the second masked key to the encrypted combined partition to produce a further combined partition; and encoding the further combined partition using the dispersed storage error coding function to produce the set of encoded data slices.
17. The DS module of claim 12, wherein the fourth module is further operable to: output the set of encoded data slices for storage in a dispersed storage unit of a dispersed storage network.
18. The DS module of claim 12, wherein the fourth module is further operable to: output the set of encoded data slices for storage in a set of dispersed storage (DS) units of a dispersed storage network, wherein a first DS unit of the set of DS units stores a first encoded data slice of the set of encoded data slices.
19. The DS module of claim 12, wherein the fourth module is further operable to: encode remaining combined partitions of the plurality of combined partitions using the dispersed storage error coding function to produce sets of encoded data slices and wherein the set of encoded data slices and the sets of encoded data slices produces a plurality of sets of encoded data slices.
20. The DS module of claim 19, wherein the fourth module is further operable to: output the plurality of sets of encoded data slices for storage in a plurality of dispersed storage (DS) units of a dispersed storage network, wherein a first DS unit of the plurality of DS units stores a first set of the plurality of sets of encoded data slices.
21. The DS module of claim 19, wherein the fourth module is further operable to: output the plurality of sets of encoded data slices for storage in a plurality of dispersed storage (DS) units of a dispersed storage network, wherein a first DS unit of the plurality of DS units stores a first encoded data slice of at least some of the plurality of sets of encoded data slices.
22. The DS module of claim 19, wherein the fourth module is further operable to: output the plurality of sets of encoded data slices for storage in a plurality of sets of dispersed storage (DS) units of a dispersed storage network, wherein a first set of DS unit of the plurality of sets of DS units stores a first set of the plurality of sets of encoded data slices.
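An added illustration, not code from the patent or its assignee: the steps of claims 1 and 4 up to the combined partitions (encrypt, hash the ciphertext, mask the key, partition, interleave), together with the inverse that unmasks the key from all partitions. Assumptions: SHA-256 as the deterministic function, XOR as the masking operation, a SHA-256 counter-mode keystream standing in for a real cipher, hypothetical function names, and the dispersed storage error coding step left out.

```python
import hashlib
import secrets

KEY_LEN = 32  # assumed key size; matches the SHA-256 digest length used for masking

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, stdlib only.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(buf: bytes, n: int) -> list:
    # n contiguous partitions whose sizes differ by at most one byte.
    q, r = divmod(len(buf), n)
    parts, pos = [], 0
    for i in range(n):
        size = q + (1 if i < r else 0)
        parts.append(buf[pos:pos + size])
        pos += size
    return parts

def secure_segment(segment: bytes, n: int, key: bytes = None) -> list:
    if key is None:
        key = secrets.token_bytes(KEY_LEN)
    ct = keystream_xor(key, segment)                 # encrypted data segment
    masked = xor(key, hashlib.sha256(ct).digest())   # masked key
    # Interleave: combined partition i = masked-key part i || ciphertext part i.
    return [k + c for k, c in zip(split(masked, n), split(ct, n))]

def recover_segment(combined: list) -> bytes:
    # Key-part sizes are fixed by KEY_LEN and the partition count.
    sizes = [len(p) for p in split(bytes(KEY_LEN), len(combined))]
    masked = b"".join(p[:s] for p, s in zip(combined, sizes))
    ct = b"".join(p[s:] for p, s in zip(combined, sizes))
    key = xor(masked, hashlib.sha256(ct).digest())   # unmask with the same hash
    return keystream_xor(key, ct)

if __name__ == "__main__":
    sample = b"constructed sample segment " * 5       # constructed input
    parts = secure_segment(sample, 4)
    print([len(p) for p in parts], recover_segment(parts) == sample)
```

Because the key is masked with a hash of the whole ciphertext, it can only be unmasked when every combined partition is present and unmodified.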
July 15, 2014